package org.example.mybatis.controller;

import org.example.mybatis.model.UserInfo;
import org.example.mybatis.service.UserService;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.annotation.Resource;
import java.util.List;

@RestController
@RequestMapping("/user")
public class UserController {
  @Resource(name = "userService")
  private UserService userService ;

  @RequestMapping("/u1")
    public List<UserInfo> u1(){
      return userService.queryUserInfoList();
  }

  /**
   * 模拟 SQL 注入 , 实现无需密码登录
    */
   @RequestMapping("/login")
  public boolean login(String username , String password)
  {
     // 1. 根据 用户名和 密码  查询数据库
     UserInfo userinfo = userService.queryUserInfoByUserNameAndPassword(username , password);
      if(userinfo == null) return false ;
     return   true;
  }

}
